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Internet Security 



□ Internet has brought convenience to our 
everyday lives 

□ Internet has many design vulnerabilities 

Malicious codes (worm and viruses) caused 
$13.2 billions in financial losses worldwide in 
2001 

□ We need to understand these attacks and 
design corresponding countermeasures 

□ We present our research on a new type of 
attack against anonymous communication 
systems 
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Traditional Spy Network 




□ Indirectly send secret to Intelligence headquarter through a 
number of intermediate agents 

□ Protect the intelligence agent (i.e., source of secret) from 
being identified 
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Tor 

□ A great Internet anonymous communication 
network 

□ Volunteer operation model 

Volunteers around the world donate their computers and 

network bandwidth 

Those donated computers form the Tor network based 

on the Tor protocol 

Those computers in the Tor network relay user 

messages down to the destination 

□ Users of Tor 

Human rights workers 

Many others: refer to Tor website https:// 
www.torproject.org/torusers.html.en/ 
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Components of Tor 




Bob 



Tor Network 



J 

Legend: 

^ Client or Server 
5^ Onion Router 
l'l| Directory Server 

n Client: the user of the Tor network 

□ Server: the target TCP applications such as web servers 

□ Tor (onion) router: the special proxy relays the 
application data 

□ Directory server: servers holding Tor router information 
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How Tor Works? — Circuits 



Alice herself chooses the relay routers and creates 
circuits through the relay routers 

■ Circuit --- communication tunnel from Alice to Bob 

■ These circuits are dedicated for Alice 

Can the routers along the circuit or a third party 
find communication relationship by checking the 
packet h^Hpr? 




Legend: 

□ Client or Server 
jgj Onion Router 
Directory Server 
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How Tor Works? — Onion Routing 
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n A circuit is built incrementally one hop by one hop 
□ Onion-like encryption 

Alice negotiates an AES key with each router 
i Messages are divided into equal sized cells 
i Each router knows only its predecessor and successor 
■ Only the Exit router (OR3) can see the message, 
however it does not know where the message is from 
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Detailed Circuit Setup Steps: One-Hop Circuit 
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(a) Tor Cell Format 
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(b) Tor Realy Cell Format 
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Two-Hop Circuit 
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{Extended, j 
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Create C2, 
E(g^x2) 



Created C2 
g^y2, H(K2) 



Legend: 

E(x) --- RSA encryption 

{X} — AES encryption 

CN — a circuit ID numbered N 
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Three-Hop Circuit 



.(lin k is TLS-encrypted) 

Create CI, 
E(g^xl) 



Entry OR 

(05U 



Middle OR 



Created CI, 
g A yl, H(K1) 

Relay CI, 
(Extend, OR2, E(g A x2), 



Relay CI, 
{Extended, g A y2, H(K2)} 



Relay CI, \ 

{{Extend, OR3,| 

E(g^x2)}} I 



Relay CI, 

{{Extended, 

g^y3, H(K3)}} 
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E(x) --- RSA encryption 

{X} --- AES encryption 

CN — - a circuit ID numbered N 
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Connection Setup Example 
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Relay CI, 
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Relay C2, 
{{Begin<IP, Port>}} 



Relay C2, 
{{Connected}} 

Relay C2, 
{{Data, "Hello"}} 



Relay C2, 
{{End, Reason>}} 
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Relay C3, 
{Begin<IP, Port>} 



Relay C3, 
{Connected} 



Relay C3, 
{Data, "Hello"} 



Relay C3, 
{End, Reason} 
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TCP Teardown 
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Problem Definition of Attacks against Tor 



Alice 



Tor 
Network 




□ Alice is sending messages to Bob through 
an encrypted and anonymous circuit, how 
can Evil confirm the communication 
relationship between Alice and Bob? 
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Attack Methodology 



Tor Network 
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Legend: 

□ Client or Server 
Onion Router 
Directory Server 



■ 



If the attacker can determine circuit segments CI and C3 
belong to the same circuit, the attacker confirms the 
communication relationship for sure 

Entry knows where the packet comes from and Exit knows 

where the packet goes 
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AES Counter — Normal Case 
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n A message comes from Alice through Circuit 
Segment CI, and goes to Bob after Circuit 
Segment C3 

□ An AES counter is synchronized through the circuit 
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AES Counter — Replay Attack Case 
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t t 

□ Replayed message causes 
error at the end of circuit C3 at Eve 2 

The duplicated message disrupts the counter 

□ Therefore, Circuits CI and C3 are created by Alice 

□ Claim: Alice is communicating with Bob 
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AES Counter — Deletion Attack Case 
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u The cell after the deleted cell causes decryption 
error 
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AES Counter — Insert Attack Case 
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AES Counter - Modify Attack Case 
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Issues in Attacks Above 



□ Which cells and when to manipulate 

The circuit is torn down when there is 
decryption error 

□ How to make attack stealthy 

Broken circuits may render Alice's attention 
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Which Cells and When to Manipulate 
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Identify protocol status by counting cells 
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How to Make Attack Stealthy 

□ Insert and replay attacks are very flexible and 
can be made stealthy can be applied freely 



□ When there is no traffic and a circuit is idle (the 
circuit already carried target traffic) 

□ At the end of the lifetime of a circuit 

Default lifetime is 10 minutes 
Before teardown 
■ While holding teardown commands 
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Experiment Setup 




Client Malicious 

Entry Router I 



Tor Network 



□ One computer was setup as an exit router 

□ It takes two days for our second computer 
to become an entry router 
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Decryption Error Time v.s. Duplication Time 
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Impact 



□ Metrics: probability that a circuit chooses 
malicious Tor routers 

A circuit chooses a malicious entry and exit, it 
is done 



□ Attackers can do the following in order to 
increase the probability 

Scheme 1: Inject (donate) high-bandwidth 
routers into the Tor network 
Scheme 2: Compromise high-bandwidth Tor 
routers into the Tor network 
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Big Impact: 9% v.s. 60% 
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Protocol-level Attack v.s. Brute Force Attack 



□ Brute force attack: attackers occudv all routers on a circuit 
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Hard to Defend 



□ No easy way to defend against replay, 
insert, delete and modify attacks because 
of the anonymity maintained here 

The attacks are flexible can be deployed at any 
moment during the life time of a connection 

What if attackers just attack for DoS? 

□ Careful routing protocols 

Choose routers in different countries or regions 
in order to prevent a single organization from 
deploying the attack 
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Many Attacks 
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Tagging Attacks 



□ Outside attackers mark attacks: use TLS to 
guarantee integrity 

□ Protocol-level attacks are by inside attackers 



Tor Network 
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Summary 



□ We identified a class of new attack, protocol-level 
attack, against anonymous communication 
network Tor 

i Need only one cell to confirm the communication 
relationship 

One attack can confirm multiple connections using the 
same circuit 
Confirmation is a sure thing (100%) 

□ Our experiments validate the feasibility and 
effectiveness of all attacks 

□ The impact is huge 

i Given 9% percent of Tor routers are malicious, over 
60% of the connections can be compromised 
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Future Work 



□ Develop countermeasure against the 
protocol-level attack 

Tor is a pioneer software for on-line privacy 

□ Fight the abuse of Tor (forensic traceback) 

Anonymous networks may be abused 

■ Government has resource and donates high- 
performance routers and bandwidth to Tor in 
exchange of necessary surveillance 

The abuse of Tor threatens Tor 
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